Security Policy

Overview

This Information Security Policy is structured around ISO/IEC 27001:2013 international standards.

Core Mission: To protect the organisation’s information assets from all threats, whether internal or external, deliberate, or accidental, seeking to ensure continuity of operations.

Policy Commitments

Marketpay’s leadership has approved the following foundational commitments:

1. Protection Standards — Safeguarding information and supporting systems against loss of confidentiality, integrity, and availability.

2. Regulatory Compliance — Meeting all applicable legislative, regulatory, and contractual requirements.

3. Risk Management — Conducting systematic security risk analysis on all information systems.

4. Contingency Planning — Developing security continuity protocols.

5. Staff Training — Providing comprehensive information security education.

6. Incident Management — Addressing and investigating all suspected or actual security violations.

7. Third-Party Oversight — Monitoring security commitments of external partners and service providers.

8. Continuous Improvement — Systematically enhancing the ISMS framework.

Organizational Structure

• Committee Level: Information Security Management Committee oversees implementation.
• Department Level: All managers ensure policy compliance within their areas.
• Individual Level: Every employee must adhere to established protocols.

Review and Updates

The policy undergoes annual review for adequacy, with additional extraordinary reviews triggered by significant security events or incidents affecting information protection.

Leadership Commitment

CEO Ricard Forn provides executive endorsement, confirming full organizational support for consistent policy compliance.